Facebook Implements 'Download Your Profile' Option 114
eldavojohn writes "Facebook is rolling out some new changes (including groups) that are supposed to liberate user control. But something that might interest Slashdot readers even more is that they now allow you to download all your information from Facebook. That's everything — all your posts, pictures, videos, friend lists, etc. A video from David of the Open Source team at Facebook explains how it will work, although I don't see that option on my profile yet (they are slowly rolling it out). There's not a lot of details yet, but they at least require you to click a link from an e-mail and reenter your password to get this (to avoid spambots harvesting everyone's data and careless use of public computers resulting in data leaks). Perhaps competitors like Diaspora would be interested in using this base information to germinate user seeds?"
A nice gesture of openness (Score:1, Insightful)
Well this certainly makes it much more easier to move your nonsense-data around, but how long untill all the data is available on piratebay?
No security concerns here... (Score:5, Insightful)
Re:No security concerns here... (Score:1, Insightful)
It would have to be a permanent disabler then, or at least require external verification to re-enable (email/text/voice message ID, whatever). Not that there's much point in disabling it anyway... webpage scraping isn't that hard.
Wow... (Score:2, Insightful)
So now hackers have even more reason to go after your Facebook account. All that data in one nice, neat little download? Hackers paradise.
Well, The Response Was a Bit Harsh ... (Score:4, Insightful)
Maybe, but it already looks like Diaspora development is starting to slow down. OK, there have been some commits today, but I expected to see more activity than what's currently going on.
Well, following the release of the Diaspora source code everyone did kind of rip them apart [slashdot.org] (myself included [slashdot.org]). We all sort of hoped that such criticism would be constructive and the developers would redouble their efforts or seek more help or new developers would aid them.
It's equally likely that after receiving black eyes instead of kudos, developers left Diaspora in droves. It might end up being a failed project with important lessons learned [slashdot.org].
Re:A nice gesture of openness (Score:3, Insightful)
Nice move on Facebook's part to help train their users to click on links in e-mails that take them to websites to enter authentication credentials.
Re:No security concerns here... (Score:2, Insightful)
Re:No security concerns here... (Score:5, Insightful)
I'll have to give FB credit here where it is due. There have been major complaints that your FB data isn't portable, so they have you stuck in a lock-in. This is clearly a response to those complaints. I'll be the first to hate on FB, and I still don't have an account, but we can't have it both ways bro. This brought me one step closer to signing up.
Re:A nice gesture of openness (Score:5, Insightful)
Re:A nice gesture of openness (Score:4, Insightful)
I would think the email with the link would be sent to the user in repsonse to a request of some sort. You know, you request your data, they email you a link to get it ...
Have you never forgotten the password you use for an infrequently-visted site and had them email you a temporary one? This sounds like the same thing.
Re:A nice gesture of openness (Score:5, Insightful)
Those kinds of e-mails are known as phishing and spear phishing attacks. They are very common and very dangerous.
Facebook has had no end of security problems. Now with the publicity that they will be sending out e-mails that have a link, wait a few days and see what hits in computer security news.
High times from the past (Score:4, Insightful)
Re:To Reiterate! (Score:3, Insightful)
To be fair, we are probably talking about people who use the same password for everything.
ALL of your data? (Score:4, Insightful)
allow you to download all your information from Facebook
The question is, does it really allow you to download all of your data? Does it let you download everything anyone has ever posted on your profile? If it did, this could give you some idea of what Facebook has stored about you.
Re:To Reiterate! (Score:3, Insightful)
If I hack your FB account, can't I change the email associated with it?
Re:A nice gesture of openness (Score:1, Insightful)
I was speaking with a bar tender in the airport the other week.
He said he'd discovered what happens if he googles himself ... he gets loads of links into Facebook that he and others have put up, and that he had assumed was private.
He subsequently went through and deleted everything and filled in the profile with garbage information.
When a bartender starts figuring out that Facebook has shitty privacy, it should be pretty obvious to everyone. (No offense to bartenders, they're not stupid people, just not who you think to go to for tech opinions.)
Sending it to you in an email link is just another in a long series of ways in which Facebook has never been a place you should trust. Hell, my mother (a senior citizen) has figured out not to trust Facebook.
Yeah But You Get a Notification with Revert Option (Score:4, Insightful)
If I hack your FB account, can't I change the email associated with it?
Yes, but the original e-mail address associated with your account gets e-mailed a notification allowing that to be blocked and if you do block it you have to change your password:
Now, you'd probably prefer that the original e-mail address has to okay the transition but that's how they have it implemented. So you're right, they could change the account associated with it if they know your Facebook password (it asks you at every step of the way). Then they could request the zip and wait to get the e-mail. But if you checked your e-mail in that time and canceled the new e-mail and changed your password you'd be safe.
That's definitely something they could do -- block the request of a new e-mail until an old one is okayed. But then you run into the trouble of someone hacking your e-mail account and gaining access to your Facebook account that way. In that case, they could change your Facebook account over to their e-mail account and then okay it in your hacked e-mail account. Once that's done, how would you reclaim your profile? They would always have the account associated with it.
Also if your old e-mail gets hacked and you have no way of getting it back, you're kind of at the mercy of the person who has your old e-mail as you'll never be able to change the e-mail address associated with your Facebook status and if you do, you'll tip them off that they also have your Facebook account to do with as they please.
What it usually boils down to is if your account is compromised, your account is compromised.
Thank you Facebook (Score:5, Insightful)
Re:You know (Score:3, Insightful)
Probaby because no one was using it. Combine that with their desire to add new features that would break that kind of functionality, and I can see why they wouldn't want to continue to support it.
Re:A nice gesture of openness (Score:3, Insightful)
Your doing it wrong. Or at least applying it wrong. In your want to find something incorrect with Facebook you're ignoring the fact that sending an email to the user to confirm they are who they say they are before they are allowed to do things like change their password or download all their data is a tenet of website security in and of itself. These emails are always accompanied by the message "If you did not request this change/email then disregard this message and contact our fraud/tech/blah department". It would be neigh impossible for a spammer to somehow manage to send such a spam email that would show up next to the real one the very instant the user requested the feature that told them they will receive this email. .
Re:A nice gesture of openness (Score:2, Insightful)
Probably to make Facebook more useful... (Score:4, Insightful)
Facebook has 500 million users. At this point, they have few places to go, but down is a very likely possibility if they don't extend themselves into the fabric of the net and collaborate so they will always stick around in some form or another. Zuckerberg reportedly even made a contribution to the Diaspora guys in an undisclosed amount because he thinks the idea has merit... or, more likely, he wants to make sure there's cross-compatibility for years to come.
One other point, sort of tangential to the topic... Some of the comments in preceding discussions about Diaspora keep falling back on the "oh sure four guys in a garage with no professional experience EVER got a project off the ground" sort of sarcasm. Ok, I know it's all wonderful and cool to us nerds to rely on sarcasm and cynicism, but a little perspective should be in order as well: Facebook, Apple, Google, Yahoo and other "garage" startups... There's a reason there's only a handful of them. There are a ton of coders, but not everyone is Harvard educated, massively talented, in the right place at the right time or any combination of these. Not every coder who thinks he has a great idea can execute... ... Conversely, not everyone needs to be a Sergey Brin, Mark Zuckerberg or Steve Wozniak. In this Age of Entitlement, we all like to think life is a choice between either being rich or being nothing... but there's plenty of respectable room in between, even if all your project does is get you solid employment at someone else's company.
Re:A nice gesture of openness (Score:4, Insightful)